Lead Security Engineer – Core Technology Team

Develop and enforce security strategies for AI-driven cloud-native e-commerce systems
Stockholm, Sweden
Senior
yesterday
Apotea

A Swedish online pharmacy offering a wide range of pharmaceutical products and health-related items with home delivery services.

Lead Security Engineer

Apotea is Sweden's largest online pharmacy, committed to making healthcare products accessible and efficient for everyone. We're on a mission to build the next generation of e-commerce and logistics, from scratch, but with lots of domain expertise and genuine care for our customers. Our vision in the Tech department is to redefine how AI and automation power modern businesses — not by forcing AI into traditional workflows, but by creating AI-driven and automated systems that give humans control, insight, and the ability to apply their expertise where it matters most.

The Core Technology Team shapes the architectural foundation that supports everything we do — from e-commerce and logistics to data, AI/ML, and customer experience. We ensure that every development aligns with our long-term vision and contributes to Apotea's growth.

We are now looking for a Lead Security Engineer to take end-to-end ownership of Apotea's security engineering strategy, ensure we remain resilient and compliant, and enable our teams to build and innovate securely at scale.

The Role

As Lead Security Engineer, you'll be at the center of Apotea's transformation. You will define, implement, and evolve Apotea's security practices across AWS (serverless-first), e-commerce, logistics, and data platforms. This role combines strategic leadership with hands-on engineering. At Apotea, engineers are expected to take ownership of the full software lifecycle, so your role will be both to implement security yourself and to empower others to build securely. You'll work closely with architects, engineers, and business stakeholders to ensure every development is secure, resilient, and aligned with regulations such as GDPR and Swedish healthcare standards.

You will also hold first-line responsibility for all technical security initiatives in the Tech department, defining guardrails, monitoring risks, and ensuring our systems are protected against evolving threats. Part of your role will be to define maturity plans, guide secure-by-design practices, and lead our response capability when incidents occur. You will be responsible for defining secure development practices for vibe coding and the use of AI coding assistants. You will help engineers use AI responsibly, ensuring that generated code meets Apotea's security standards, avoids data leakage, and aligns with compliance and coding guidelines. Finally, you must be able to take complex security concepts and communicate them clearly, aligning the whole organization around security as a shared responsibility.

Key Responsibilities

  • Own and evolve Apotea's security strategy across cloud, applications, and infrastructure.
  • Translate business needs and regulatory requirements into secure and sustainable practices.
  • Define security guardrails, best practices, and reference implementations for teams.
  • Design and implement secure AWS serverless, event-driven, and data-driven systems.
  • Lead identity and access management (IAM) practices, enforcing least-privilege and zero-trust models.
  • Oversee vulnerability management, penetration testing, and patching processes.
  • Ensure secure DevOps pipelines (DevSecOps), including Infrastructure-as-Code checks.
  • Build and operate monitoring, detection, and alerting systems (SIEM, EDR, GuardDuty, Security Hub).
  • Lead incident response: investigate, contain, and recover from security events.
  • Maintain and test playbooks to ensure readiness for emerging threats.
  • Ensure compliance with GDPR, healthcare regulations, and industry security standards.
  • Embed security and privacy by design in all development.
  • Partner with legal, compliance, and business units to ensure regulatory readiness.
  • Provide training and frameworks that help engineers use AI as an accelerator without compromising security or compliance.
  • Work closely with engineers, architects, and product teams to embed security early in the lifecycle.
  • Mentor and coach engineers on secure coding and infrastructure practices.
  • Advocate for a strong security culture across the organization.

We are looking for someone with:

  • Extensive experience in security engineering, including acting as the main/go-to security expert in an organization.
  • Proven expertise in securing AWS environments (IAM, networking, serverless, encryption, monitoring).
  • Strong background in designing secure, scalable, and compliant cloud-native systems.
  • Hands-on experience with security tooling (SIEM, EDR, vulnerability scanners, secrets management).
  • Deep knowledge of DevSecOps and Infrastructure-as-Code security (e.g., CDK, Terraform, CloudFormation).
  • Ability to balance speed of delivery with security risk management, defining maturity plans for security posture.
  • Excellent ability to collaborate across business and tech, with strong communication and leadership skills.
  • Programming/scripting skills (Go, TypeScript, .NET, Python or similar).

Nice to have:

  • Experience in regulated industries such as healthcare, finance, or logistics.
  • Familiarity with compliance frameworks (ISO 27001, NIST, PCI-DSS).
  • Background in penetration testing, forensics, or red/blue team operations.

Why join Apotea?

  • A stable, future-focused company with a meaningful mission to improve healthcare accessibility.
  • The chance to work on cutting-edge AI, ML, and automation projects that impact millions of customers.
  • Opportunity to work with modern cloud-native technologies (serverless, AI, automation, event-driven).
  • Join a flat, agile organization with minimal bureaucracy.
  • Opportunities for career growth through training, mentorship, and industry conferences.
  • Collaborate in a cross-functional, transparent environment.
  • Own projects from concept to deployment.
  • Join a culture of experimentation, collaboration, and innovation.

Apotea.se is Sweden's largest online pharmacy, with the country's broadest range of over 32,000 non-prescription items and nearly 19,000 prescription drugs for humans and animals. Recognized as Sweden's most sustainable e-commerce company (Sustainable Brand Index 2021), we simplify everyday life for our customers with fast deliveries and expert advice. In 2024, Apotea reached a turnover of SEK 6.5 billion and currently employs about 1,000 people across Stockholm, Lidingö, and Morgongåva.

Apotea is an inclusive employer that values diversity. We welcome all applicants and strive to create a work environment where people, regardless of background, gender, age, religion, or disability, can thrive and grow.

Recruitment Process

  1. Apply
  2. Interview: Screening
  3. Interview: Technical Capabilities
  4. Interview: Culture Fit
  5. Background Check: As a pharmacy, we always conduct a background check.
  6. Offer Presented

Application: Do not hesitate to send in your application today. For more information or questions, visit our career page or contact us at jobb@apotea.se. We do not accept applications via email.